<?php
namespace app\common\tool;

class Tos
{
    private $method = "GET";

    private $service = "sts";

    private $host = "tos.aliyuncs.com";

    private $region = "cn-beijing";

    private $request_parameters = [];

    private $access_key = "AKLTOGZhNzlmODZmOGI4NDVkZmIzZTIzOTZhZWMxNjg2MzQ";

    private $secret_key = "T1RFME1qQTRObUkwT1dZek5EZzBPVGs1WW1JMFlUSmtNV0V6WmpkaU1UQQ==";

    private $action = "AssumeRole";

    private $roleSessionName = "TOS";

    private $roleTrn = "trn:iam::27434536:role/OTS";

    private $version = "2018-01-01";

    private $endpoint = 'https://open.volcengineapi.com';

    public function getStsToken()
    {
        $this->query_parameters = [
            'Action'            => $this->action,
            'RoleSessionName'   => $this->roleSessionName,
            'RoleTrn'           => $this->roleTrn,
            'Version'           => $this->version
        ];
        $request_parameters = http_build_query($this->query_parameters);
        
        $headers = $this->getSignHeaders($this->method, $this->service, $this->host, $this->region, $request_parameters, $this->access_key, $this->secret_key);

        $request_url = $this->endpoint . '?' . $request_parameters;

        echo 'Request URL = ' . $request_url . "\n";
        $res = httpRequest($request_url,[],$headers);
        var_dump($headers);
        var_dump($res);die;
    }

    public function sign($key, $msg) {
        return hash_hmac('sha256', $msg, $key, true);
    }

    public function getSignatureKey($key, $dateStamp, $regionName, $serviceName) {
        $kDate = $this->sign($key, $dateStamp);
        $kRegion = $this->sign($kDate, $regionName);
        $kService = $this->sign($kRegion, $serviceName);
        $kSigning = $this->sign($kService, 'request');
        return $kSigning;
    }

    public function getSignHeaders($method, $service, $host, $region, $request_parameters, $access_key, $secret_key) {
        $contenttype = 'application/x-www-form-urlencoded';
        $accept = 'application/json';
        $t = new \DateTime('now', new \DateTimeZone('UTC'));
        $xdate = $t->format('Ymd\THis\Z');
        $datestamp = $t->format('Ymd');
        
        // *************  1: 拼接规范请求串 *************
        $canonical_uri = '/';
        $canonical_querystring = $request_parameters;
        $canonical_headers = "content-type:$contenttype\nhost:$host\nx-date:$xdate\n";
        $signed_headers = 'content-type;host;x-date';
        $payload_hash = hash('sha256', '');
        $canonical_request = "$method\n$canonical_uri\n$canonical_querystring\n$canonical_headers\n$signed_headers\n$payload_hash";
        
        // *************  2：拼接待签名字符串 *************
        $algorithm = 'HMAC-SHA256';
        $credential_scope = "$datestamp/$region/$service/request";
        $string_to_sign = "$algorithm\n$xdate\n$credential_scope\n" . hash('sha256', $canonical_request);
        
        // *************  3：计算签名 *************
        $signing_key = $this->getSignatureKey($secret_key, $datestamp, $region, $service);
        $signature = hash_hmac('sha256', $string_to_sign, $signing_key);
        
        // *************  4：添加签名到请求header中 *************
        $authorization_header = "$algorithm Credential=$access_key/$credential_scope, SignedHeaders=$signed_headers, Signature=$signature";
        
        $headers = [
            "Accept: $accept",
            "Content-Type: $contenttype",
            "X-Date: $xdate",
            "Authorization: $authorization_header"
        ];
        
        return $headers;
    }
}